Sign up or log in to watch the video
You click, you lose: a practical look at VSCode's security
Thomas Chauchefoin & Paul Gerste - 6 months ago
Developers are becoming targets of choice for threat actors: by compromising a single developer, software backdoors and supply chain attacks can lead to the compromise of high-profile organisations. For instance, a recent campaign attributed to North Korea targeted prominent developers with malicious Visual Studio projects and browser exploits. At the same time, IDEs offer increasingly advanced features and deep integration in ecosystems, sometimes at the cost of basic security measures. They tried to counterbalance it by introducing new lines of defense (e.g., "Workspace Trust"), whose design led to a cat-and-mouse game to restrict access to sensitive attack surfaces while keeping most features available by default. In this talk, we present the state of the art of Visual Studio Code's security. We show its various attack surfaces and will demonstrate how they are impacted by real-world vulnerabilities. You will now think twice before opening third-party code in your IDE!
Jobs with related skills
IT System Administrator Linux (m/w/d)
NAVAX Group
·
1 month ago
Munich, Germany
Hybrid
Newest jobs
(Senior) Azure Cloud Architekt (m/w/d)
XIBIX Solutions GmbH
·
today
Munich, Germany
+3
Hybrid
Systemadministration Microsoft- & Linux-Server (inhouse)
Allgeier Cyris GmbH
·
today
Hamburg, Germany
Hybrid
Fachinformatiker (m/w/d) für ERP-Integration ohne Reisen
Allgeier Cyris GmbH
·
today
Hamburg, Germany
Hybrid
Related videos